Table of Contents (Start)
- Topics
- Introducing SevOne
- Login
- Startup Wizard
- Dashboard
- Global Search - Advanced Search
- Report Manager
- Report Attachment Wizard
- Report Properties
- Report Interactions
- Instant Graphs
- TopN Reports
- Alerts
- Alert Archives
- Alert Summary
- Instant Status
- Status Map Manager
- Edit Maps
- View Maps
- FlowFalcon Reports
- NBAR Reports
- Logged Traps
- Unknown Traps
- Trap Event Editor
- Trap Destinations
- Trap Destination Associations
- Policy Browser
- Create and Edit Policies
- Webhook Definition Manager
- Threshold Browser
- Create and Edit Thresholds
- Probe Manager
- Discovery Manager
- Device Manager
- New Device
- Edit Device
- Object Manager
- High Frequency Poller
- Device Summary
- Device Mover
- Device Groups
- Object Groups
- Object Summary
- Object Rules
- VMware Browser
- AWS Plugin
- Azure Plugin (Public Preview)
- Calculation Plugin
- Database Manager
- Deferred Data Plugin
- DNS Plugin
- HTTP Plugin
- ICMP Plugin
- IP SLA Plugin
- JMX Plugin
- NAM
- NBAR Plugin
- Portshaker Plugin
- Process Plugin
- Proxy Ping Plugin
- SDWAN Plugin
- SNMP Plugin
- VMware Plugin
- Web Status Plugin
- WMI Plugin
- xStats Plugin
- Indicator Type Maps
- Device Types
- Object Types
- Object Subtype Manager
- Calculation Editor
- xStats Source Manager
- User Role Manager
- User Manager
- Session Manager
- Authentication Settings
- Preferences
- Cluster Manager
- Maintenance Windows
- Processes and Logs
- Metadata Schema
- Baseline Manager
- FlowFalcon View Editor
- Map Flow Objects
- FlowFalcon Views
- Flow Rules
- Flow Interface Manager
- MPLS Flow Mapping
- Network Segment Manager
- Flow Protocols and Services
- xStats Log Viewer
- SNMP Walk
- SNMP OID Browser
- MIB Manager
- Work Hours
- Administrative Messages
- Enable Flow Technologies
- Enable JMX
- Enable NBAR
- Enable SNMP
- Enable Web Status
- Enable WMI
- IP SLA
- SNMP
- SevOne Data Publisher
- Quality of Service
- Perl Regular Expressions
- Trap Revisions
- Integrate SevOne NMS With Other Applications
- Email Tips and Tricks
- SevOne NMS PHP Statistics
- SevOne NMS Usage Statistics
- Glossary and Concepts
- Map Flow Devices
- Trap v3 Receiver
- Guides
- Quick Start Guides
- AWS Quick Start Guide
- Azure Quick Start Guide (Public Preview)
- Data Miner Quick Start Guide
- Flow Quick Start Guide
- Group Aggregated Indicators Quick Start Guide
- IP SLA Quick Start Guide
- JMX Quick Start Guide
- Metadata Quick Start Guide
- RESTful API Quick Start Guide
- Self-monitoring Quick Start Guide
- SevOne NMS Admin Notifications Quick Start Guide
- SNMP Quick Start Guide
- Synthetic Indicator Types Quick Start Guide
- Topology Quick Start Guide
- VMware Quick Start Guide
- Web Status Quick Start Guide
- WMI Quick Start Guide
- xStats Quick Start Guide
- xStats Adapter - Accedian Vision EMS (TM) Quick Start Guide
- Deployment Guides
- Automated Build / Rebuild (Customer) Instructions
- Generate a Self-Signed Certificate or a Certificate Signing Request
- SevOne Best Practices Guide - Cluster, Peer, and HSA
- SevOne Data Platform Security Guide
- SevOne NMS Implementation Guide
- SevOne NMS Installation Guide - Virtual Appliance
- SevOne NMS Advanced Network Configuration Guide
- SevOne NMS Installation Guide
- SevOne NMS Port Number Requirements Guide
- SevOne NMS Upgrade Process Guide
- SevOne Physical Appliance Pre-Build BIOS and RAID Configuration Guide
- SevOne SAML Single Sign-On Setup Guide
- Cloud Platforms
- Other Guides
- Quick Start Guides
Flow Rules
The Flow Rules page enables you to define global rules to allow or deny the processing of the flow data SevOne NMS receives.
SevOne NMS evaluates the flow rules (in the order of precedence which matches the order in which they are displayed in the user interface) you define and all rules that match, are simply applied in the order displayed on the page. When you enable devices to send flow data to SevOne NMS, SevOne NMS allows and processes all flow data by default. Networks have the potential to send large amounts of flow traffic. The Flow Rules page enables you to define global rules to deny the processing of flows. You can override the rules you define here for specific interfaces from the Flow Interface Manager .
To access the Flow Rules page from the navigation bar, click the Administration menu, select Flow Configuration, and then select Flow Rules.
Flow Rules List
The list displays all flow rules by default. Click the Display drop-down to display rules for All Sources, Allowed Sources, or Denied Sources.
-
Device / Device Group - Displays the name of the device / device group for which the rule is applicable. Displays All when the rule applies to all devices / device groups that have yet to send flow to SevOne NMS.
-
Priority - Displays priority based on rule(s) applied. There are 3 priorities - 1, 2, and 3 where 1 is the highest priority.
-
priority is set to 1 if the field Reapply Rule (Continuous) is selected.
-
priority is set to 2 if the field Reapply Rule (Continuous) is not selected and general rules do not apply. i.e., IP Address field is not All IPv4 or All IPv6.
-
priority is set to 3 for general rules where the field IP Address is All IPv4 or All IPv6.
Example
Rules can be moved if the priority is the same. For example, in the example above, you have 2 rules with Priority = 2 (in rows 2 and 3).
Row 2 contains:
-
Device / Device Group = All Device Groups
-
Priority = 2
-
IP Address = <empty>
-
Interface / Object Group = All
-
Direction = All
-
Permission = Deny
-
Reapply Rule (Continuous) = NO
-
Peer = All Peers
Row 3 contains:
-
Device / Device Group = All Device Groups
-
Priority = 2
-
IP Address = <empty>
-
Interface / Object Group = All
-
Direction = All
-
Permission = Allow
-
Reapply Rule (Continuous) = NO
-
Peer = pandora-01
You may drag-n-drop row 2 to be in position row 3 and vice-versa because both these rows have the same priority. Or, you can click
on the row you want to move within the same priority. You cannot move rules that are of different priorities.
On row 3, click the up arrow to Move Up to row 2 or can drag-n-drop the rule to row 2. Or, on row 2, click the down arrow to Move Down to row 3 or can drag-n-drop the rule to row 3.
After the move between rows 2 and 3 is performed, you will see that row 2 is now in row 3 and vice-versa.
If you try to move row 1 to row 2, you will get an error message Moving the rules to a different priority is not allowed. Since row 1 is of priority = 1 and row 2 is of priority = 2, rules cannot be moved.
-
-
-
IP Address - Displays the device IP address. If resource type selected is Device Group, this field is empty.
-
Interface / Object Group - Displays the interface or the object group for which the rule is applicable. Displays All when the rule applies to all interfaces / object groups that have yet to send flows to SevOne NMS.
-
Direction - Displays Incoming when the rule applies to incoming traffic. Displays Outgoing when the rule applies to outgoing traffic. Displays All when the rule applies to flows that are from devices / device groups that are in SevOne NMS.
-
Permission - Displays Allow when SevOne NMS processes the flow data across the interface. Displays Deny when SevOne NMS does not process the flow data across the interface.
-
Reapply Rule(Continuous) - select the check box to apply updated flow rules to existing flow interfaces that have already been discovered. This allows flow rules and flow interface manager policies to remain consistent.
Object Group based rules without reapply rule continuously may not work as you expect because such a rule is only automatically applied for a new interface as it is first seen by the system, at which point by definition there is no object mapping for it.
A workaround for this is to apply the rules later by clicking the Reapply All Rules button.
-
Peer – Displays the name of the peer to which you define the device / device group to send flow data.
Manage Flow Rules
Perform the following steps to manage the rules in the list.
-
– Select the check box for each rule to manage, click
, and then select one of the following options.
-
Select Allow Selected Flows to process the flow data across the interface.
-
Select Deny Selected Flows to not process the flow data across the interface.
-
Select Delete Selected Rules to delete the rules.
-
-
Click button Reapply All Rules for all flow rules to be applied. You will get the following pop-up to confirm if you are sure you want to reapply all flow rules.
CAUTIONWhen you reapply all flow rules by clicking OK in the pop-up, it will impact the collection of flow data for the device interfaces that have already been discovered. Please proceed with caution!
Perform the following steps to add and edit flow rules.
-
Click Add Rule to display Add New Flow Rule pop-up. Or, click
on the row of an existing flow rule to display Edit Flow Rule pop-up.
Example: Add new flow rule / Edit existing flow rule
When editing a Flow Rule, only field Permission can be modified for general rules where field IP Address is either All IPv4 or All IPv6.
-
Click the Resource Type drop-down to select Device or Device Group.
-
Device
-
Peer - click the drop-down and select the peer to define the device to send flow data.
-
Device - click the drop-down and select the device to which you want to define a flow rule. If you select Specify..., enter the IP address in the IP Address field. Select All if you want to define the flow rule to all devices. By default, it is set to All.
-
Interface Resource Type - click the drop-down and select Interface or Object Group.
-
if Interface is selected, then from field Interface, select the interface to which you want to apply the rule to.
-
if field Interface is set to All, it means to apply the rule to all interfaces. By default, field Interface is set to All.
-
if field Interface is set to Router Generated, it means to apply the rule to router generated interfaces.
-
if field Interface is set to Specify..., enter the interface number in field Interface Number to apply the rule to the interface number entered.
For field Interface, options Router Generated and Specify... are not available when Peer is set to All Peers.
-
-
if Object Group is selected, then in field Object Group, click the drop-down and select an object group from the list available to which you want to apply the rule to. ç
-
-
Direction - click the drop-down.
-
Select All to apply the rule to all applicable incoming or outgoing flows.
-
Select Incoming to apply the rule to data that comes into the device. V5 NetFlow is an ingress technology that can only report on data that the interface receives.
-
Select Outgoing to apply the rule to data that goes out from the interface. For v5 NetFlow, SevOne NMS uses data from other flows to create an estimation of outgoing flows.
-
-
Permission - select option Allow or Deny.
-
Select Allow to process the flow data across the interface.
-
Select Deny to not process the flow data across the interface.
Click Save.
When the rule specifies that,
-
the device IP address is not the default IPv4 or IPv6 address,
-
direction is not all (i.e., must be incoming / outgoing), and
-
the interface is not all
the rule appears in Flow Interface Manager page and not the Flow Rules page.
-
-
-
Reapply Rule(Continuous) - select the check box to apply updated flow rules to existing flow interfaces that have already been discovered. This allows flow rules and flow interface manager policies to remain consistent.
-
-
Device Group
-
Peer - click the drop-down and select the peer to which you define the device group to send flow data.
-
Device Group - click the drop-down and select the device group to which you want to define a flow rule.
-
Interface Resource Type - click the drop-down and select Interface or Object Group.
-
if Interface is selected, then from field Interface, select the interface to which you want to apply the rule to.
-
if field Interface is set to All, it means to apply the rule to all interfaces. By default, field Interface is set to All.
-
if field Interface is set to Router Generated, it means to apply the rule to router generated interfaces.
-
if field Interface is set to Specify..., enter the interface number in field Interface Number to apply the rule to the interface number entered.
For field Interface, options Router Generated and Specify... are not available when Peer is set to All Peers.
-
-
if Object Group is selected, then in field Object Group, click the drop-down and select an object group from the list available to which you want to apply the rule to.
-
-
Direction - click the drop-down.
-
Select All to apply the rule to all applicable incoming or outgoing flows.
-
Select Incoming to apply the rule to data that comes into the device group. V5 NetFlow is an ingress technology that can only report on data that the interface receives.
-
Select Outgoing to apply the rule to data that goes out from the interface. For v5 NetFlow, SevOne NMS uses data from other flows to create an estimation of outgoing flows.
-
-
Permission - select option Allow or Deny.
-
Select Allow to process the flow data across the interface.
-
Select Deny to not process the flow data across the interface.
-
-
Reapply Rule(Continuous) - select the check box to apply updated flow rules to existing flow interfaces that have already been discovered. This allows flow rules and flow interface manager policies to remain consistent.
-
-